fix: code review
This commit is contained in:
Torsten Dittmann
parent
75fc59931a
commit
db321db0fb
5 changed files with 24 additions and 32 deletions
|
|
@ -239,7 +239,7 @@ return [
|
||||||
],
|
],
|
||||||
Exception::USER_MORE_FACTORS_REQUIRED => [
|
Exception::USER_MORE_FACTORS_REQUIRED => [
|
||||||
'name' => Exception::USER_MORE_FACTORS_REQUIRED,
|
'name' => Exception::USER_MORE_FACTORS_REQUIRED,
|
||||||
'description' => null,
|
'description' => 'More factors are required to complete the sign in process.',
|
||||||
'code' => 400,
|
'code' => 400,
|
||||||
],
|
],
|
||||||
Exception::USER_OAUTH2_BAD_REQUEST => [
|
Exception::USER_OAUTH2_BAD_REQUEST => [
|
||||||
|
|
|
||||||
|
|
@ -3437,7 +3437,6 @@ App::patch('/v1/account/mfa')
|
||||||
->label('audits.event', 'user.update')
|
->label('audits.event', 'user.update')
|
||||||
->label('audits.resource', 'user/{response.$id}')
|
->label('audits.resource', 'user/{response.$id}')
|
||||||
->label('audits.userId', '{response.$id}')
|
->label('audits.userId', '{response.$id}')
|
||||||
->label('usage.metric', 'users.{scope}.requests.update')
|
|
||||||
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
|
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
|
||||||
->label('sdk.namespace', 'account')
|
->label('sdk.namespace', 'account')
|
||||||
->label('sdk.method', 'updateMFA')
|
->label('sdk.method', 'updateMFA')
|
||||||
|
|
@ -3464,14 +3463,13 @@ App::patch('/v1/account/mfa')
|
||||||
$response->dynamic($user, Response::MODEL_ACCOUNT);
|
$response->dynamic($user, Response::MODEL_ACCOUNT);
|
||||||
});
|
});
|
||||||
|
|
||||||
App::get('/v1/account/mfa/providers')
|
App::get('/v1/account/mfa/factors')
|
||||||
->desc('List Providers')
|
->desc('List Factors')
|
||||||
->groups(['api', 'account', 'mfa'])
|
->groups(['api', 'account', 'mfa'])
|
||||||
->label('scope', 'accounts.read')
|
->label('scope', 'accounts.read')
|
||||||
->label('usage.metric', 'users.{scope}.requests.read')
|
|
||||||
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
|
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
|
||||||
->label('sdk.namespace', 'account')
|
->label('sdk.namespace', 'account')
|
||||||
->label('sdk.method', 'listProviders')
|
->label('sdk.method', 'listFactors')
|
||||||
->label('sdk.description', '/docs/references/account/get.md')
|
->label('sdk.description', '/docs/references/account/get.md')
|
||||||
->label('sdk.response.code', Response::STATUS_CODE_OK)
|
->label('sdk.response.code', Response::STATUS_CODE_OK)
|
||||||
->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
|
->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
|
||||||
|
|
@ -3491,7 +3489,7 @@ App::get('/v1/account/mfa/providers')
|
||||||
$response->dynamic($providers, Response::MODEL_MFA_PROVIDERS);
|
$response->dynamic($providers, Response::MODEL_MFA_PROVIDERS);
|
||||||
});
|
});
|
||||||
|
|
||||||
App::post('/v1/account/mfa/:provider')
|
App::post('/v1/account/mfa/:factor')
|
||||||
->desc('Add Authenticator')
|
->desc('Add Authenticator')
|
||||||
->groups(['api', 'account'])
|
->groups(['api', 'account'])
|
||||||
->label('event', 'users.[userId].update.mfa')
|
->label('event', 'users.[userId].update.mfa')
|
||||||
|
|
@ -3499,7 +3497,6 @@ App::post('/v1/account/mfa/:provider')
|
||||||
->label('audits.event', 'user.update')
|
->label('audits.event', 'user.update')
|
||||||
->label('audits.resource', 'user/{response.$id}')
|
->label('audits.resource', 'user/{response.$id}')
|
||||||
->label('audits.userId', '{response.$id}')
|
->label('audits.userId', '{response.$id}')
|
||||||
->label('usage.metric', 'users.{scope}.requests.update')
|
|
||||||
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
|
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
|
||||||
->label('sdk.namespace', 'account')
|
->label('sdk.namespace', 'account')
|
||||||
->label('sdk.method', 'addAuthenticator')
|
->label('sdk.method', 'addAuthenticator')
|
||||||
|
|
@ -3509,16 +3506,16 @@ App::post('/v1/account/mfa/:provider')
|
||||||
->label('sdk.response.model', Response::MODEL_MFA_PROVIDER)
|
->label('sdk.response.model', Response::MODEL_MFA_PROVIDER)
|
||||||
->label('sdk.offline.model', '/account')
|
->label('sdk.offline.model', '/account')
|
||||||
->label('sdk.offline.key', 'current')
|
->label('sdk.offline.key', 'current')
|
||||||
->param('provider', null, new WhiteList(['totp']), 'Provider.')
|
->param('factor', null, new WhiteList(['totp']), 'Factor.')
|
||||||
->inject('requestTimestamp')
|
->inject('requestTimestamp')
|
||||||
->inject('response')
|
->inject('response')
|
||||||
->inject('project')
|
->inject('project')
|
||||||
->inject('user')
|
->inject('user')
|
||||||
->inject('dbForProject')
|
->inject('dbForProject')
|
||||||
->inject('queueForEvents')
|
->inject('queueForEvents')
|
||||||
->action(function (string $provider, ?\DateTime $requestTimestamp, Response $response, Document $project, Document $user, Database $dbForProject, Event $queueForEvents) {
|
->action(function (string $factor, ?\DateTime $requestTimestamp, Response $response, Document $project, Document $user, Database $dbForProject, Event $queueForEvents) {
|
||||||
|
|
||||||
$otp = match ($provider) {
|
$otp = match ($factor) {
|
||||||
'totp' => new TOTP(),
|
'totp' => new TOTP(),
|
||||||
default => throw new Exception(Exception::GENERAL_UNKNOWN, 'Unknown provider.')
|
default => throw new Exception(Exception::GENERAL_UNKNOWN, 'Unknown provider.')
|
||||||
};
|
};
|
||||||
|
|
@ -3551,7 +3548,7 @@ App::post('/v1/account/mfa/:provider')
|
||||||
$response->dynamic($model, Response::MODEL_MFA_PROVIDER);
|
$response->dynamic($model, Response::MODEL_MFA_PROVIDER);
|
||||||
});
|
});
|
||||||
|
|
||||||
App::put('/v1/account/mfa/:provider')
|
App::put('/v1/account/mfa/:factor')
|
||||||
->desc('Verify Authenticator')
|
->desc('Verify Authenticator')
|
||||||
->groups(['api', 'account'])
|
->groups(['api', 'account'])
|
||||||
->label('event', 'users.[userId].update.mfa')
|
->label('event', 'users.[userId].update.mfa')
|
||||||
|
|
@ -3559,7 +3556,6 @@ App::put('/v1/account/mfa/:provider')
|
||||||
->label('audits.event', 'user.update')
|
->label('audits.event', 'user.update')
|
||||||
->label('audits.resource', 'user/{response.$id}')
|
->label('audits.resource', 'user/{response.$id}')
|
||||||
->label('audits.userId', '{response.$id}')
|
->label('audits.userId', '{response.$id}')
|
||||||
->label('usage.metric', 'users.{scope}.requests.update')
|
|
||||||
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
|
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
|
||||||
->label('sdk.namespace', 'account')
|
->label('sdk.namespace', 'account')
|
||||||
->label('sdk.method', 'verifyAuthenticator')
|
->label('sdk.method', 'verifyAuthenticator')
|
||||||
|
|
@ -3569,7 +3565,7 @@ App::put('/v1/account/mfa/:provider')
|
||||||
->label('sdk.response.model', Response::MODEL_USER)
|
->label('sdk.response.model', Response::MODEL_USER)
|
||||||
->label('sdk.offline.model', '/account')
|
->label('sdk.offline.model', '/account')
|
||||||
->label('sdk.offline.key', 'current')
|
->label('sdk.offline.key', 'current')
|
||||||
->param('provider', null, new WhiteList(['totp']), 'Provider.')
|
->param('factor', null, new WhiteList(['totp']), 'Factor.')
|
||||||
->param('otp', '', new Text(256), 'Valid verification token.')
|
->param('otp', '', new Text(256), 'Valid verification token.')
|
||||||
->inject('requestTimestamp')
|
->inject('requestTimestamp')
|
||||||
->inject('response')
|
->inject('response')
|
||||||
|
|
@ -3577,9 +3573,9 @@ App::put('/v1/account/mfa/:provider')
|
||||||
->inject('project')
|
->inject('project')
|
||||||
->inject('dbForProject')
|
->inject('dbForProject')
|
||||||
->inject('queueForEvents')
|
->inject('queueForEvents')
|
||||||
->action(function (string $provider, string $otp, ?\DateTime $requestTimestamp, Response $response, Document $user, Document $project, Database $dbForProject, Event $queueForEvents) {
|
->action(function (string $factor, string $otp, ?\DateTime $requestTimestamp, Response $response, Document $user, Document $project, Database $dbForProject, Event $queueForEvents) {
|
||||||
|
|
||||||
$success = match ($provider) {
|
$success = match ($factor) {
|
||||||
'totp' => Challenge\TOTP::verify($user, $otp),
|
'totp' => Challenge\TOTP::verify($user, $otp),
|
||||||
default => false
|
default => false
|
||||||
};
|
};
|
||||||
|
|
@ -3616,7 +3612,6 @@ App::delete('/v1/account/mfa/:provider')
|
||||||
->label('audits.event', 'user.update')
|
->label('audits.event', 'user.update')
|
||||||
->label('audits.resource', 'user/{response.$id}')
|
->label('audits.resource', 'user/{response.$id}')
|
||||||
->label('audits.userId', '{response.$id}')
|
->label('audits.userId', '{response.$id}')
|
||||||
->label('usage.metric', 'users.{scope}.requests.update')
|
|
||||||
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
|
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
|
||||||
->label('sdk.namespace', 'account')
|
->label('sdk.namespace', 'account')
|
||||||
->label('sdk.method', 'deleteAuthenticator')
|
->label('sdk.method', 'deleteAuthenticator')
|
||||||
|
|
@ -3624,8 +3619,6 @@ App::delete('/v1/account/mfa/:provider')
|
||||||
->label('sdk.response.code', Response::STATUS_CODE_OK)
|
->label('sdk.response.code', Response::STATUS_CODE_OK)
|
||||||
->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
|
->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
|
||||||
->label('sdk.response.model', Response::MODEL_USER)
|
->label('sdk.response.model', Response::MODEL_USER)
|
||||||
->label('sdk.offline.model', '/account')
|
|
||||||
->label('sdk.offline.key', 'current')
|
|
||||||
->param('provider', null, new WhiteList(['totp']), 'Provider.')
|
->param('provider', null, new WhiteList(['totp']), 'Provider.')
|
||||||
->param('otp', '', new Text(256), 'Valid verification token.')
|
->param('otp', '', new Text(256), 'Valid verification token.')
|
||||||
->inject('requestTimestamp')
|
->inject('requestTimestamp')
|
||||||
|
|
@ -3764,7 +3757,6 @@ App::put('/v1/account/mfa/challenge')
|
||||||
->label('audits.event', 'challenges.update')
|
->label('audits.event', 'challenges.update')
|
||||||
->label('audits.resource', 'user/{response.userId}')
|
->label('audits.resource', 'user/{response.userId}')
|
||||||
->label('audits.userId', '{response.userId}')
|
->label('audits.userId', '{response.userId}')
|
||||||
->label('usage.metric', 'users.{scope}.requests.update')
|
|
||||||
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
|
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
|
||||||
->label('sdk.namespace', 'account')
|
->label('sdk.namespace', 'account')
|
||||||
->label('sdk.method', 'updateChallenge')
|
->label('sdk.method', 'updateChallenge')
|
||||||
|
|
@ -3784,7 +3776,7 @@ App::put('/v1/account/mfa/challenge')
|
||||||
|
|
||||||
$challenge = $dbForProject->getDocument('challenges', $challengeId);
|
$challenge = $dbForProject->getDocument('challenges', $challengeId);
|
||||||
|
|
||||||
if (!$challenge) {
|
if ($challenge->isEmpty()) {
|
||||||
throw new Exception(Exception::USER_INVALID_TOKEN);
|
throw new Exception(Exception::USER_INVALID_TOKEN);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -3801,7 +3793,7 @@ App::put('/v1/account/mfa/challenge')
|
||||||
}
|
}
|
||||||
|
|
||||||
$dbForProject->deleteDocument('challenges', $challengeId);
|
$dbForProject->deleteDocument('challenges', $challengeId);
|
||||||
$dbForProject->deleteCachedDocument('users', $user->getId());
|
$dbForProject->purgeCachedDocument('users', $user->getId());
|
||||||
|
|
||||||
$authDuration = $project->getAttribute('auths', [])['duration'] ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
|
$authDuration = $project->getAttribute('auths', [])['duration'] ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
|
||||||
$sessionId = Auth::sessionVerify($user->getAttribute('sessions', []), Auth::$secret, $authDuration);
|
$sessionId = Auth::sessionVerify($user->getAttribute('sessions', []), Auth::$secret, $authDuration);
|
||||||
|
|
|
||||||
12
composer.lock
generated
12
composer.lock
generated
|
|
@ -1543,16 +1543,16 @@
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "utopia-php/database",
|
"name": "utopia-php/database",
|
||||||
"version": "0.48.0",
|
"version": "0.48.1",
|
||||||
"source": {
|
"source": {
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://github.com/utopia-php/database.git",
|
"url": "https://github.com/utopia-php/database.git",
|
||||||
"reference": "2651f41b9d3909dc123d26becfb6a3a44fb63077"
|
"reference": "52abe057180a76fe354a516300344b33f268f6ea"
|
||||||
},
|
},
|
||||||
"dist": {
|
"dist": {
|
||||||
"type": "zip",
|
"type": "zip",
|
||||||
"url": "https://api.github.com/repos/utopia-php/database/zipball/2651f41b9d3909dc123d26becfb6a3a44fb63077",
|
"url": "https://api.github.com/repos/utopia-php/database/zipball/52abe057180a76fe354a516300344b33f268f6ea",
|
||||||
"reference": "2651f41b9d3909dc123d26becfb6a3a44fb63077",
|
"reference": "52abe057180a76fe354a516300344b33f268f6ea",
|
||||||
"shasum": ""
|
"shasum": ""
|
||||||
},
|
},
|
||||||
"require": {
|
"require": {
|
||||||
|
|
@ -1593,9 +1593,9 @@
|
||||||
],
|
],
|
||||||
"support": {
|
"support": {
|
||||||
"issues": "https://github.com/utopia-php/database/issues",
|
"issues": "https://github.com/utopia-php/database/issues",
|
||||||
"source": "https://github.com/utopia-php/database/tree/0.48.0"
|
"source": "https://github.com/utopia-php/database/tree/0.48.1"
|
||||||
},
|
},
|
||||||
"time": "2024-01-19T08:17:22+00:00"
|
"time": "2024-02-02T04:54:13+00:00"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "utopia-php/domains",
|
"name": "utopia-php/domains",
|
||||||
|
|
|
||||||
|
|
@ -12,20 +12,20 @@ class MFAProvider extends Model
|
||||||
$this
|
$this
|
||||||
->addRule('backups', [
|
->addRule('backups', [
|
||||||
'type' => self::TYPE_STRING,
|
'type' => self::TYPE_STRING,
|
||||||
'description' => 'backup codes',
|
'description' => 'Backup codes.',
|
||||||
'array' => true,
|
'array' => true,
|
||||||
'default' => [],
|
'default' => [],
|
||||||
'example' => true
|
'example' => true
|
||||||
])
|
])
|
||||||
->addRule('secret', [
|
->addRule('secret', [
|
||||||
'type' => self::TYPE_STRING,
|
'type' => self::TYPE_STRING,
|
||||||
'description' => 'secret used for top auth',
|
'description' => 'Secret token used for TOTP factor.',
|
||||||
'default' => '',
|
'default' => '',
|
||||||
'example' => true
|
'example' => true
|
||||||
])
|
])
|
||||||
->addRule('uri', [
|
->addRule('uri', [
|
||||||
'type' => self::TYPE_STRING,
|
'type' => self::TYPE_STRING,
|
||||||
'description' => 'uri for otp app',
|
'description' => 'URI for authenticator apps.',
|
||||||
'default' => '',
|
'default' => '',
|
||||||
'example' => true
|
'example' => true
|
||||||
])
|
])
|
||||||
|
|
|
||||||
|
|
@ -162,7 +162,7 @@ class Session extends Model
|
||||||
])
|
])
|
||||||
->addRule('factors', [
|
->addRule('factors', [
|
||||||
'type' => self::TYPE_INTEGER,
|
'type' => self::TYPE_INTEGER,
|
||||||
'description' => 'Returns true if this the current user session.',
|
'description' => 'Returns a list of active session factors.',
|
||||||
'default' => 1,
|
'default' => 1,
|
||||||
'example' => 1,
|
'example' => 1,
|
||||||
])
|
])
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue